Ayelet Steinitz, VP of business development and partnerships at the Cupertino, California-based company, said it had initially targeted Sun (with whom it announced integration at the RSA Conference in February) and Oracle (announced April 2) because we see them as the top two, adding that it is in conversations with other usual suspects in IDM.
In essence, the Sun and Oracle deals are very similar, in that in both cases they involve ForeScout’s CounterACT appliance integrating with the respective vendor’s Access Manager and Identity Manager products (Sun and Oracle conveniently even use the same nomenclature, which makes it easier to compare the two). That said, Steinitz said the back end is quite different in the two cases because of the way IDM is implemented by each.
She added that integration with each company’s IDM and access management infrastructure was a four-step process, the first being simply the ability to populate field with additional information about a non-compliant machine, enabling us to say in what building and what room it is, as well as what extension the user is on.
Next comes the ability to integrate role-based information to ForeScout’s device-based data. In other words, we can say, for instance, that a guy in the finance department should be able to run a particular app if he’s not in the office, or that IT can run peer-to-peer, but no-one else, said Steinitz.
Then there is the aspect of the NAC device becoming the enforcement point for the IDM infrastructure, whereby we can enforce the policy that every device, and every user, must be authenticate, she went on, adding that this was actually the initial driver for the rapprochement with both Sun and Oracle.
Finally there is integrated reporting across the IDM and NAC domains, which is important for audits and compliance generally.
All four of these phases are predicated on deeper integration between the CounterACT technology and the respective IDM vendor’s LDAP directory and provisioning engine, since they are at the heart of their ability to manage identities in an enterprise environment.
Our Take
These two alliances are logical steps for ForeScout, which gets some heavyweight partners and, it hopes, some of the Sun and Oracle channel pushing its technology. IBM already has a couple of relationships with NAC vendors, the most high-profile being with Cisco, which integrates with Tivoli’s IDM offerings, while the ISS business has a deal with another NAC start-up, Mirage. It will be interesting to see who ForeScout teams with next: BMC and HP would seem to have potential, though IBM is a broad enough church that it might also become yet another NAC partner for Big Blue.
